13 May 2016

Petya ransomware is back with a friend named Misha

Petya ransomware is back with a friend named Misha

Petya ransomware became very popular because of its name. However, the code was not efficient enough to make money for malware writers. Petya needed administrative privileges on the system to modify master boot record. If it could not get administrative privileges, it did nothing with the infected computer.

Ransomware writers had to do something about it, and they did: a very clever and scary move from. They released new malware named Misha. It is downloaded by Petya in case Petya’s installation has failed. Misha does not require administrative privileges, according to Bleepingcomputer.

After installation Misha ransomware encrypts files with AES encryption algorithm and demands ransom of 1.93 bitcoins (approximately $875). Encrypted files are renamed and 4-character extension is added to the filename, for example: test.jpg will renamed into test.jpg.7GP3.

Ransomware is distributed via emails with link to malicious executables, disguised as job applications.

Unfortunately, there is no know way to restore encrypted files for free.

Back to the list

Latest Posts

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Patch Tuesday: 60 vulnerabilities, 2 zero-days and good old LNK bugs

Today Microsoft has released security fixes for 60 vulnerabilities in total. Among them 2 zero-days in Windows Shell and Internet Explorer.
15 August 2018
Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
Featured vulnerabilities
Denial of service in GNOME Display Manager
Low Patched | 17 Aug, 2018
Information disclosure in Linux Kernel
Low Not Patched | 17 Aug, 2018
Information disclosure in Linux Kernel
Low Patched | 17 Aug, 2018
Privilege escalation in Network Time Protocol
Low Not Patched | 17 Aug, 2018